Search form

Search

Coders' Rights Project

Coders' Rights Project

Coders' Rights Project

EFF's Coders' Rights Project protects programmers and developers engaged in cutting-edge exploration of technology. Security and encryption researchers help build a safer future for all of us using digital technologies, but too many legitimate researchers face serious legal challenges that prevent or inhibit their work. These challenges come from laws such as the Convention on Cybercrime, the Digital Millennium Copyright Act, the Computer Fraud and Abuse Act, similar state laws, and computer crime laws in many countries around the world.

The Coders' Rights Project builds on EFF's longstanding work protecting researchers through education, legal defense, amicus briefs, and involvement in the community with the goal of promoting innovation and safeguarding the rights of curious tinkerers and hackers on the digital frontier. We also provide policy advice to decision-making officials who are considering new computer crime legislation and treaties.

People have always explored and modified the technologies in their lives, whether crystal radios, automobiles, or computer software. Reverse engineering is one expression of this tinkering impulse. Unfortunately, legal regulation of reverse engineering can impact the Freedom to Tinker in a variety of ways. This FAQ gives some information that may help coders reduce their legal risk.

Discovering security flaws is only half the battle – the next step is reporting the findings such that users can protect themselves and vendors can repair their products. Many outlets exists for publicly reporting vulnerabilities including mailing lists supported by universities and by the government. Unfortunately, however, researchers using these public reporting mechanisms have received legal threats from vendors and government agencies seeking to stop publication of vulnerability information or “proof of concept” code demonstrating the flaw. The Vulnerability Reporting FAQ gives information that may help security researchers reduce their legal risk when reporting vulnerabilities.

A computer security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company’s products. By reporting the security flaw the researcher reveals that she may have committed unlawful activity which might invite a lawsuit or criminal investigation. On the other hand withholding information means a potentially serious security flaw may go unremedied.

EFF is introducing a new Coders' Rights project to connect the work of security research with the fundamental rights of its practitioners throughout the Americas. The project seeks to support the right of free expression that lies at the heart of researchers' creations and use of computer code to...

Have you ever wanted to talk with the Electronic Frontier Foundation about the risks of talking in public about security issues, especially in connected Internet of Things devices? Tomorrow, you'll get your chance. Information security has never been more important: now that everything from a car to a...

Congress has never made a law saying, "Corporations should get to decide who gets to publish truthful information about defects in their products,"— and the First Amendment wouldn't allow such a law — but that hasn't stopped corporations from conjuring one out of thin air, and then defending it as...

Update: Canadian authorities announced on May 7 that they dropped all charges against the teen they had previously accused of unauthorized use of a computer service for downloading public records from a government website. Canadian authorities should drop charges against a 19-year-old Canadian accused of “unauthorized use...

For tech lawyers, one of the hottest questions this year is: can companies use the Computer Fraud and Abuse Act (CFAA)—an imprecise and outdated criminal anti-“hacking” statute intended to target computer break-ins—to block their competitors from accessing publicly available information on their websites? The answer to this question has wide-ranging...